Using mobile phones to access Web Services in a secure way. Dan Marinescu

Size: px
Start display at page:

Download "Using mobile phones to access Web Services in a secure way. Dan Marinescu"

Transcription

1 Using mobile phones to access Web Services in a secure way Dan Marinescu March 7, 2007

2 Abstract Web Services is a technology that has gained in acceptance and popularity over the past years. The promise of providing interoperability in a heterogeneous world, as well as the possibility of offloading operations that require high processing power, make the mobile phones an ideal target device for accessing web services. But along with these advantages come security concerns. This article presents how Web Services can be accessed using a mobile phone, and how the communication between the web service and the mobile phone client can be secured.

3 Contents 1 Introduction 2 2 Background JavaME Web Services Accessing Web Services using the JavaME Web Services API Introduction to the J2ME Web Services API Using the JavaME Web Services API Security and Trust Services API: Providing security for JavaME applications Introduction to the Security and Trust Services API Using SATSA PKI to secure the communication with Web Services Discussion and Conclusion 12 1

4 1 Introduction In this article, the Java Platform, Micro Edition (JavaME) will be used to demonstrate how a mobile phone and a Web Service can communicate in a secure way. Section 2 briefly introduces the JavaME Platform and the basic concepts behind Web Services. Afterwards, in Section 3, the JavaME Web Services API will be presented, together with an example of how to access a Web Service using this API. Section 4 introduces the JavaME Security and Trust Services API and extends the previous example by using this API to secure the communication between the mobile phone and the Web Service. Finally, Section 5 concludes this article. 2

5 2 Background 2.1 JavaME JavaME is an application platform for mobile devices. Developers using JavaME can develop applications, using the Java language, that are portable across a long range of mobile devices (like PDAs, TV set-top boxes and of course mobile phones) and operating systems. A further discussion of JavaME is outside the purpose of this article. More information regarding JavaME can be found at jsp. 2.2 Web Services In order to be accessed by a client, a Web Service needs to be developed and deployed in a way that is understandable for the client. The Web Services Description Language (WSDL) is an XML-based language used to describe a public interface for a Web Service. This includes information like the address where the Web Service is located and the publicly available functions it provides. After a Web Service has been deployed, it can be accessed by a client. The communication between the client and the Web Service takes place using SOAP, an XML-based protocol used to exchange object data. Although SOAP can be used in conjunction with several transport protocols like SMTP or FTP, it is HTTP that is becoming the standard way of transporting SOAP. 3

6 3 Accessing Web Services using the JavaME Web Services API 3.1 Introduction to the J2ME Web Services API The Java ME Web Services API (WSA) is defined through the Java Community Process as Java Specification Request (JSR) 172. Its purpose is to provide mobile applications written in Java with a way of accessing Web Services, and it does that by providing two optional packages: A package for XML processing, based on the Simple API for XML 2 (SAX2) 1 and the Java API for XML Processing (JAXP) 2 A package for remote service invocation, representing a subset of the Java API for XML-based RPC version 1.1 (JAX-RPC 1.1) 3 For the purpose of this article we will focus on the second package, namely the JAX-RPC 1.1 subset. Figure 1 shows the common components of a JavaME application that consumes Web Services using WSA. The two main components that are communicating are the service provider (also known as the endpoint) and the service consumer (also called the client). They communicate over the network by using SOAP encoded messages, typically transported over HTTP. Figure 1: The components of a mobile application consuming Web Services with JavaME WSA [2] 1 see for more information 2 see for more information 3 see for more information 4

7 On the service provider side, the services represent the business logic and are hosted inside a so-called SOAP engine. The SOAP engine provides the JAX-RPC SOAP runtime for service invocation. The ties component represent the proxy classes responsible for marshalling and unmarshalling data. Requests and responses are, in this case, transported over the Web by means of a Web Server. The service consumer side is located inside the mobile device. According to the JSR 172 specification, the JAX-RPC runtime is embedded in the device by the manufacturer. On top of that are the client stubs, which represent the remote service, thereby hiding the complexity of data-encoding and communication with the service. The application logic uses the stubs to access the services as if it would be locally (from the applications point of view) located. Note that WSA provides only a subset of JAX-RPC 1.1. This involves some limitations, among which no support for SOAP Message Handlers and the possibility of accessing SOAP Endpoints only in document/literal modus. 3.2 Using the JavaME Web Services API Now that the basic concepts behind WSA have been introduced, let s see an example of how this API can be used to access a Web Service. In this example, the mobile client will access a Broker Web Service that buys stocks on behalf of the client. The client does that by calling the method buy(string identifier), just like in Figure 2. In order to keep this example simple, the only parameter of the buy() method is an identifier which contains information regarding the customer, the type and amount of stocks to be bought. The Web Service answers by confirming that the stocks were bought. Figure 2: Example: Mobile client calls the Broker Web Service 5

8 The first step in developing the client is generating the client stubs. This can be achieved by using the stub generator that comes with the Sun Java Wireless Toolkit 2.5. As shown in Figure 3, the stub generator needs to be provided with the URL of the WSDL file, the output path and the name of the package where the stub files will be generated. Figure 3: Example: Mobile client calls the Broker Web Service In this example, two files are generated: BrokerWS_Stub.java and BrokerWS.java. The BrokerWS.java is an interface which provides the signature of the buy() method provided by the Broker Web Service. The BrokerWS_Stub class implements this interface, as well as the javax.xml.rpc.stub interface and masks the entire complexity of the remote method invocation. Since these files are automatically generated, it is not recommended to edit and modify them. 6

9 Once the stubs have been generated, an object of type BrokerWS_Stub can be instantiated in the application code, just like in line 2 of Listing 1. In line 3, the target service endpoint address is specified by using the _setproperty() method, while in line 4 is indicated that the client wants to participate in a session with a service endpoint. After these configuration steps, the buy() method can be called. Line 5 shows that, from the client applications point of view, the call takes place just like a normal local call. The String response contains the answer of the Web Service SecureBrokerWS_Stub service = new SecureBrokerWS_Stub (); 3 service. _setproperty ( Stub. ENDPOINT_ADDRESS_PROPERTY, serviceurl ); 4 service. _setproperty ( Stub. SESSION_MAINTAIN_PROPERTY, new Boolean ( true )); 5 String response = service. buy (" fooid "); 6... Listing 1: Calling the Broker Web Service by using the stubs in the application code This example shows how simple it is to use WSA together with the Sun Java Wireless Toolkit 2.5 for accessing Web Services. After the stubs were automatically generated, it only took 4 lines of code to call the desired method on the Web Service. 7

10 4 Security and Trust Services API: Providing security for JavaME applications 4.1 Introduction to the Security and Trust Services API The Security and Trust Services API (SATSA) is defined through the Java Community Process as JSR 177. The main driving factor for this API was e-commerce and the motivation was to provide mobile applications with the ability of communicating in a secure way. SATSA is focused on achieving security by using so-called secure elements like Smart Cards or Wireless Identification Modules which provide basic cryptographic functionalities like confidentiality, authentication and integrity by means of encryption and digital signatures. SATSA is composed by four sub-apis, as it can be observed in Figure 4. Furthermore, they can be categorized in communication APIs: SATSA-Application Protocol Data Unit (APDU) Communication API and SATSA-Java Card RMI (JCRMI) Communication API, used for communicating with secure elements like Smart Cards by means of a lowlevel respectively an RMI-based protocol, and pure security APIs: SATSA-Public Key Infrastructure (PKI) Signature Service API and SATSA-CRYPTO Cryptographic API. For the purpose of this article the focus will be on SATSA-PKI. Further information with respect to the other SATSA APIs, including SATSA-PKI, can be obtained in [3], [4] and [1]. Figure 4: The SATSA APIs [3] SATSA-PKI provides a mobile application with the possibility of both requesting a digital signature from a Smart Card and managing certificates. A generated signature 8

11 can either be used to provide authentication, or it can be used for integrity and nonrepudiation. 4.2 Using SATSA PKI to secure the communication with Web Services Section 3 described how WSA can be used to access a Broker Web Service. The problem with this example is that no authentication takes place, so that anyone can use the service to buy stocks on behalf of someone else. In this subsection an approach to solving this problem is presented, using digital signatures generated by a Smart Card to authenticate the customer. For this, the Secure Broker Web Service is used as service endpoint. This Web Service is similar with the Broker Web Services, the only difference being that the Secure Broker Web Service expects a byte array as input for the buy() method. Generating the appropriate stubs and calling the Web Service is done just like in Subsection 3.2. The communication between the Mobile Client, the Smart Card and the Web Service is shown in Figure 5. Figure 5: Example: Mobile client generates a signature and calls the Secure Broker Web Service To generate a digital signature, the class CMSMessageSignatureService belonging SATSA-PKI API is used. This class defines 3 methods: one for authentication using a 9

12 string as input for the signature, one for authentication using a byte array as input and one for integrity and non-repudiation that uses a string as input. For this example, the method authenticate() taking a string as input will be used. The result will be a byte array that complies to the Formatted Digital Signature 4 format. Since the actual signing process takes place on the Smart Card, a communication with the Smart Card must take place.the Sun Java Wireless Toolkit (WTK) comes with the Java Card Platform Simulator which can be used to simulate Smart Cards in the Sun WTK emulator s slots. Along with this simulator come a couple of prebuilt memory images and a demo of how to use the SATSA-PKI API together with such an image to generate a digital signature. In order to communicate with the Secure Broker Web Service, the client application needs to provide a byte array containing the previous identifier, but this time it has to be signed and must include the certificate corresponding to the private key that was used to sign the string identifier. Listing 2 shows how this byte array is created. In line 4, the method autheticate() is called using as parameter a string identifier to be signed. The second parameter specifies that both the certificate and the content should be embedded in the output, whereas the canames parameter indicates which certificate should be used. The userprompt parameter is a string that is shown to the user when a connection with the Smart Card can not be established. To establish such a connection using the Sun WTK, the Java Card Platform Simulator needs to be started using the appropriate memory image. The entire code in Listing 2 must be executed in a separate thread. This is because the JSR 177 specification obliges the manufacturers of mobile devices that provide SATSA support to handle issues like requesting a PIN from the user in order to access the private key used for signature or showing the string to be signed to the user previous to signing. Such UI interaction can cause problems if is not implemented in a separate thread or if the application does not take in consideration that generating a signature involves additional user interaction String caname = "c=us,st =CA,l= Santa Clara,o= dummy CA,ou=JCT,cn= thehost "; 3 String [] canames = new String [1]; 4 authsignature = CMSMessageSignatureService. authenticate ( stringtosign, CMSMessageSignatureService. SIG_INCLUDE_CERTIFICATE CMSMessageSignatureService. SIG_INCLUDE_CONTENT, canames, userprompt ); 5... Listing 2: Generating a signature using SATSA-PKI Once the byte array containing the signed identifier (this is the same identifier used with the Broker Web Service and presented in Section 3) has been generated, it can be used as parameter to call the Secure Broker Web Service. In such a way the Secure Broker 4 10

13 Web Service can make sure that the request to buy stocks comes from the right person and has not been faked. The mobile client and the Web Service have now communicated in a secure way. 11

14 5 Discussion and Conclusion The purpose of this article was to show how two of the recently developed, optional JavaME APIs can be used to consume Web Services in a secure way. Using this approach presents some problems and limitations. The biggest problem is that, in this way, the developer of a Web Service must deal with both business logic and security issues. This is definitely not the right way, since security is a non-functional property of a system and should be separated from the business logic. Another problem of this approach is that there is no way of providing confidentiality by encrypting sensitive data or parts of a SOAP message transported over the network. Transport layer security like SSL cannot help here, since SOAP messages might travel between more hops. Message layer security can be provided by using WS-Security 5, a standard developed to solve the special security requirements of Web Services. It is also impossible to determine if a Web Service requires security just by analyzing the WSDL file. A solution for this problem, still under development, is to use a standard called WS-Policy 6. Still, the approach presented in this article can be used when the developer of the mobile application and the developer of the Web Service are one and the same, and the only security requirement is to provide authentication by using strong cryptography, like smart cards do

15 References [1] Sun Microsystems. Security and trust services apis for java 2 platform, micro edition. December [2] C. Enrique Ortiz. Introduction to j2me web services. April [3] C. Enrique Ortiz. The security and trust services api for j2me, part 1. March [4] C. Enrique Ortiz. The security and trust services api for j2me, part 2. September

Java ME Clients for XML Web Services

Java ME Clients for XML Web Services 66 Java ME Clients for XML Web Services Paul POCATILU Academy of Economic Studies, Bucharest Using Web services in developing applications has many advantages like the existence of standards, multiple

More information

Developing Web Services for Existing Java Applications

Developing Web Services for Existing Java Applications Developing Web Services for Existing Java Applications Mindfire Solutions www.mindfiresolutions.com March 12, 2003 Abstract: This paper discusses a RMI driven approach to building Web Services for an existing

More information

Developing Java Web Services

Developing Java Web Services Page 1 of 5 Developing Java Web Services Hands On 35 Hours Online 5 Days In-Classroom A comprehensive look at the state of the art in developing interoperable web services on the Java EE platform. Students

More information

WEB SERVICES. Revised 9/29/2015

WEB SERVICES. Revised 9/29/2015 WEB SERVICES Revised 9/29/2015 This Page Intentionally Left Blank Table of Contents Web Services using WebLogic... 1 Developing Web Services on WebSphere... 2 Developing RESTful Services in Java v1.1...

More information

Invocación remota (based on M. L. Liu Distributed Computing -- Concepts and Application http://www.csc.calpoly.edu/~mliu/book/index.

Invocación remota (based on M. L. Liu Distributed Computing -- Concepts and Application http://www.csc.calpoly.edu/~mliu/book/index. Departament d Arquitectura de Computadors Invocación remota (based on M. L. Liu Distributed Computing -- Concepts and Application http://www.csc.calpoly.edu/~mliu/book/index.html) Local Objects vs. Distributed

More information

A Middleware-Based Approach to Mobile Web Services

A Middleware-Based Approach to Mobile Web Services Abstract A Middleware-Based Approach to Mobile Web Services Pampa Sadhukhan, Pradip K Das, Rijurekha Sen, Niladrish Chatterjee and Arijit Das Centre for Mobile Computing and Communication (CMCC), Jadavpur

More information

JAVA API FOR XML WEB SERVICES (JAX-WS)

JAVA API FOR XML WEB SERVICES (JAX-WS) JAVA API FOR XML WEB SERVICES (JAX-WS) INTRODUCTION AND PURPOSE The Java API for XML Web Services (JAX-WS) is a Java programming language API for creating web services. JAX-WS 2.0 replaced the JAX-RPC

More information

Mobility Information Series

Mobility Information Series SOAP vs REST RapidValue Enabling Mobility XML vs JSON Mobility Information Series Comparison between various Web Services Data Transfer Frameworks for Mobile Enabling Applications Author: Arun Chandran,

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?

More information

ITS. Java WebService. ITS Data-Solutions Pvt Ltd BENEFITS OF ATTENDANCE:

ITS. Java WebService. ITS Data-Solutions Pvt Ltd BENEFITS OF ATTENDANCE: Java WebService BENEFITS OF ATTENDANCE: PREREQUISITES: Upon completion of this course, students will be able to: Describe the interoperable web services architecture, including the roles of SOAP and WSDL.

More information

JVA-561. Developing SOAP Web Services in Java

JVA-561. Developing SOAP Web Services in Java JVA-561. Developing SOAP Web Services in Java Version 2.2 A comprehensive look at the state of the art in developing interoperable web services on the Java EE 6 platform. Students learn the key standards

More information

The Study on Mobile Phone-oriented Application Integration Technology of Web Services 1

The Study on Mobile Phone-oriented Application Integration Technology of Web Services 1 The Study on Mobile Phone-oriented Application Integration Technology of Web Services 1 Li Luqun 1, 2 Li Minglu 1 Cui Xianguo 2 1. Department of Computer Science of Shanghai Jiaotong University, 1954 Huashan

More information

1 Mobile Data Mining on Small

1 Mobile Data Mining on Small 1 Mobile Data Mining on Small Devices Through Web Services Domenico Talia and Paolo Trunfio DEIS, University of Calabria Via Pietro Bucci 41C 87036 Rende (CS), Italy 1.1 INTRODUCTION Analysis of data is

More information

Java Web Services Training

Java Web Services Training Java Web Services Training Duration: 5 days Class Overview A comprehensive look at the state of the art in developing interoperable web services on the Java EE 6 platform. Students learn the key standards

More information

A standards-based approach to application integration

A standards-based approach to application integration A standards-based approach to application integration An introduction to IBM s WebSphere ESB product Jim MacNair Senior Consulting IT Specialist Macnair@us.ibm.com Copyright IBM Corporation 2005. All rights

More information

Research on the Model of Enterprise Application Integration with Web Services

Research on the Model of Enterprise Application Integration with Web Services Research on the Model of Enterprise Integration with Web Services XIN JIN School of Information, Central University of Finance& Economics, Beijing, 100081 China Abstract: - In order to improve business

More information

Service-Oriented Architectures

Service-Oriented Architectures Architectures Computing & 2009-11-06 Architectures Computing & SERVICE-ORIENTED COMPUTING (SOC) A new computing paradigm revolving around the concept of software as a service Assumes that entire systems

More information

CHAPTER 7 RESULT ANALYSIS AND STATISTICS. 7.1 Introduction to manual Vs automated testing

CHAPTER 7 RESULT ANALYSIS AND STATISTICS. 7.1 Introduction to manual Vs automated testing CHAPTER 7 RESULT ANALYSIS AND STATISTICS 7.1 Introduction to manual Vs automated testing Testing is considered to be the most crucial part of the software development life cycle. It is very important because

More information

000-371. Web Services Development for IBM WebSphere Application Server V7.0. Version: Demo. Page <<1/10>>

000-371. Web Services Development for IBM WebSphere Application Server V7.0. Version: Demo. Page <<1/10>> 000-371 Web Services Development for IBM WebSphere Application Server V7.0 Version: Demo Page 1. Which of the following business scenarios is the LEAST appropriate for Web services? A. Expanding

More information

Motivation Definitions EAI Architectures Elements Integration Technologies. Part I. EAI: Foundations, Concepts, and Architectures

Motivation Definitions EAI Architectures Elements Integration Technologies. Part I. EAI: Foundations, Concepts, and Architectures Part I EAI: Foundations, Concepts, and Architectures 5 Example: Mail-order Company Mail order Company IS Invoicing Windows, standard software IS Order Processing Linux, C++, Oracle IS Accounts Receivable

More information

Middleware and the Internet. Example: Shopping Service. What could be possible? Service Oriented Architecture

Middleware and the Internet. Example: Shopping Service. What could be possible? Service Oriented Architecture Middleware and the Internet Example: Shopping Middleware today Designed for special purposes (e.g. DCOM) or with overloaded specification (e.g. CORBA) Specifying own protocols integration in real world

More information

Java Security Web Services Security (Overview) Lecture 9

Java Security Web Services Security (Overview) Lecture 9 Java Security Web Services Security (Overview) Lecture 9 Java 2 Cryptography Java provides API + SPI for crypto functions Java Cryptography Architecture Security related core classes Access control and

More information

Getting started with API testing

Getting started with API testing Technical white paper Getting started with API testing Test all layers of your composite applications, not just the GUI Table of contents Executive summary... 3 Introduction... 3 Who should read this document?...

More information

An Introduction to J2EE by Mark Johnson

An Introduction to J2EE by Mark Johnson An Introduction to J2EE by Mark Johnson The Java 2, Enterprise Edition (J2EE) platform has been a global market-leading enterprise platform for the past several years. But like any large technology, J2EE

More information

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Michael P. Papazoglou (INFOLAB/CRISM, Tilburg University, The Netherlands)

More information

Introduction into Web Services (WS)

Introduction into Web Services (WS) (WS) Adomas Svirskas Agenda Background and the need for WS SOAP the first Internet-ready RPC Basic Web Services Advanced Web Services Case Studies The ebxml framework How do I use/develop Web Services?

More information

Virtual Credit Card Processing System

Virtual Credit Card Processing System The ITB Journal Volume 3 Issue 2 Article 2 2002 Virtual Credit Card Processing System Geraldine Gray Karen Church Tony Ayres Follow this and additional works at: http://arrow.dit.ie/itbj Part of the E-Commerce

More information

JavaPolis 2004 Middleware and Web Services Security

JavaPolis 2004 Middleware and Web Services Security JavaPolis 2004 Middleware and Web Services Security Dr. Konstantin Beznosov Assistant Professor University of British Columbia Do you know what these mean? SOAP WSDL IIOP CSI v2 Overall Presentation Goal

More information

Digital Signature Web Service Interface

Digital Signature Web Service Interface 1 2 Digital Signature Web Service Interface 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 1 Introduction This document describes an RPC interface for a centralized

More information

Introduction to Oracle WebLogic. Presented by: Fatna Belqasmi, PhD, Researcher at Ericsson

Introduction to Oracle WebLogic. Presented by: Fatna Belqasmi, PhD, Researcher at Ericsson Introduction to Oracle WebLogic Presented by: Fatna Belqasmi, PhD, Researcher at Ericsson Agenda Overview Download and installation A concrete scenario using the real product Hints for the project Overview

More information

Extreme Java G22.3033-006. Session 3 Main Theme Java Core Technologies (Part I) Dr. Jean-Claude Franchitti

Extreme Java G22.3033-006. Session 3 Main Theme Java Core Technologies (Part I) Dr. Jean-Claude Franchitti Extreme Java G22.3033-006 Session 3 Main Theme Java Core Technologies (Part I) Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical Sciences Agenda

More information

1 What Are Web Services?

1 What Are Web Services? Oracle Fusion Middleware Introducing Web Services 11g Release 1 (11.1.1.6) E14294-06 November 2011 This document provides an overview of Web services in Oracle Fusion Middleware 11g. Sections include:

More information

Creating Web Services in NetBeans

Creating Web Services in NetBeans Creating Web Services in NetBeans Fulvio Frati fulvio.frati@unimi.it Sesar Lab http://ra.crema.unimi.it 1 Outline Web Services Overview Creation of a Web Services Server Creation of different Web Services

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Middleware. Chapter 8: Middleware

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Middleware. Chapter 8: Middleware Middleware 1 Middleware Lehrstuhl für Informatik 4 Middleware: Realisation of distributed accesses by suitable software infrastructure Hiding the complexity of the distributed system from the programmer

More information

NetBeans IDE Field Guide

NetBeans IDE Field Guide NetBeans IDE Field Guide Copyright 2005 Sun Microsystems, Inc. All rights reserved. Table of Contents Extending J2EE Applications with Web Services...1 Consuming Existing Web Services...2 Implementing

More information

XML Parsing and Web Services Seminar Enterprise Computing

XML Parsing and Web Services Seminar Enterprise Computing Seminar Enterprise Computing Winter Term 2004/05 University of Applied Sciences, Aargau Faculty of Engineering and Technology Author: Siarhei Sirotkin Scientic Adviser: Prof. Dr. Dominik Gruntz Windisch,

More information

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices

More information

Introduction to Service Oriented Architectures (SOA)

Introduction to Service Oriented Architectures (SOA) Introduction to Service Oriented Architectures (SOA) Responsible Institutions: ETHZ (Concept) ETHZ (Overall) ETHZ (Revision) http://www.eu-orchestra.org - Version from: 26.10.2007 1 Content 1. Introduction

More information

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Robert C. Broeckelmann Jr., Enterprise Middleware Architect Ryan Triplett, Middleware Security Architect Requirements

More information

Building Web Services with XML Service Utility Library (XSUL)

Building Web Services with XML Service Utility Library (XSUL) Building Web Services with XML Service Utility Library (XSUL) Aleksander Slominski IU Extreme! Lab August 2005 Linked Environments for Atmospheric Discovery Outline Goals and Features Creating Web Services

More information

Author: Gennaro Frazzingaro Universidad Rey Juan Carlos campus de Mostòles (Madrid) GIA Grupo de Inteligencia Artificial

Author: Gennaro Frazzingaro Universidad Rey Juan Carlos campus de Mostòles (Madrid) GIA Grupo de Inteligencia Artificial Simple Implementation of a WebService using Eclipse Author: Gennaro Frazzingaro Universidad Rey Juan Carlos campus de Mostòles (Madrid) GIA Grupo de Inteligencia Artificial Contents Web Services introduction

More information

Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006

Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006 Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006 This FAQ addresses frequently asked questions relating to Oracle Application Server 10g Release 3 (10.1.3.1) Web Services

More information

Middleware and the Internet

Middleware and the Internet Middleware and the Internet Middleware today Designed for special purposes (e.g. DCOM) or with overloaded specification (e.g. CORBA) Specifying own protocols integration in real world network? Non-performant

More information

1 What Are Web Services?

1 What Are Web Services? Oracle Fusion Middleware Introducing Web Services 11g Release 1 (11.1.1) E14294-04 January 2011 This document provides an overview of Web services in Oracle Fusion Middleware 11g. Sections include: What

More information

Grid Computing. Web Services. Explanation (2) Explanation. Grid Computing Fall 2006 Paul A. Farrell 9/12/2006

Grid Computing. Web Services. Explanation (2) Explanation. Grid Computing Fall 2006 Paul A. Farrell 9/12/2006 Grid Computing Web s Fall 2006 The Grid: Core Technologies Maozhen Li, Mark Baker John Wiley & Sons; 2005, ISBN 0-470-09417-6 Web s Based on Oriented Architecture (SOA) Clients : requestors Servers : s

More information

Contents. Client-server and multi-tier architectures. The Java 2 Enterprise Edition (J2EE) platform

Contents. Client-server and multi-tier architectures. The Java 2 Enterprise Edition (J2EE) platform Part III: Component Architectures Natividad Martínez Madrid y Simon Pickin Departamento de Ingeniería Telemática Universidad Carlos III de Madrid {nati, spickin}@it.uc3m.es Introduction Contents Client-server

More information

Mobile and Dynamic Web Services

Mobile and Dynamic Web Services Mobile and Dynamic Web Services Elena Sánchez-Nielsen, Sandra Martín-Ruiz, Jorge Rodríguez-Pedrianes Dpto. E.I.O. y Computación Escuela Técnica Superior de Ingeniería Informática Universidad de La Laguna,

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

PROGRESS Portal Access Whitepaper

PROGRESS Portal Access Whitepaper PROGRESS Portal Access Whitepaper Maciej Bogdanski, Michał Kosiedowski, Cezary Mazurek, Marzena Rabiega, Malgorzata Wolniewicz Poznan Supercomputing and Networking Center April 15, 2004 1 Introduction

More information

Web Services Advanced Topics

Web Services Advanced Topics Web Services Advanced Topics Where things are now and where they are going Version 9 Web Services Advanced Topics WSAdvanced-2 Enterprise Web Services Industry trends and organizations Security and Reliability

More information

JAVA API FOR XML WEB SERVICES INTRODUCTION TO JAX-WS, THE JAVA API FOR XML BASED WEB SERVICES (SOAP, WSDL)

JAVA API FOR XML WEB SERVICES INTRODUCTION TO JAX-WS, THE JAVA API FOR XML BASED WEB SERVICES (SOAP, WSDL) JAX-WS JAX-WS - Java API for XML Web Services JAVA API FOR XML WEB SERVICES INTRODUCTION TO JAX-WS, THE JAVA API FOR XML BASED WEB SERVICES (SOAP, WSDL) Peter R. Egli INDIGOO.COM 1/20 Contents 1. What

More information

Service Virtualization: Managing Change in a Service-Oriented Architecture

Service Virtualization: Managing Change in a Service-Oriented Architecture Service Virtualization: Managing Change in a Service-Oriented Architecture Abstract Load balancers, name servers (for example, Domain Name System [DNS]), and stock brokerage services are examples of virtual

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Web services can convert your existing applications into web applications.

Web services can convert your existing applications into web applications. i About the Tutorial Web services are open standard (XML, SOAP, HTTP, etc.) based web applications that interact with other web applications for the purpose of exchanging data Web services can convert

More information

OVERCOMING CHANNEL BANDWIDTH CONSTRAINTS IN SECURE SIM APPLICATIONS

OVERCOMING CHANNEL BANDWIDTH CONSTRAINTS IN SECURE SIM APPLICATIONS OVERCOMING CHANNEL BANDWIDTH CONSTRAINTS IN SECURE SIM APPLICATIONS John A. MacDonald 1, William Sirett 2 and Chris J. Mitchell 1 1 Information Security Group, Royal Holloway, University of London, Egham,

More information

e-gov Architecture Service Interface Guidelines

e-gov Architecture Service Interface Guidelines 1 Introduction... 4 2 Mandatory Standards... 5 2.1 WSDL... 5 2.1.1 Service Definition Layer... 5 2.1.2 Binding Layer... 6 2.2 SOAP... 7 2.3 UDDI... 8 2.3.1 Different types of UDDI registries... 8 2.3.2

More information

The presentation explains how to create and access the web services using the user interface. WebServices.ppt. Page 1 of 14

The presentation explains how to create and access the web services using the user interface. WebServices.ppt. Page 1 of 14 The presentation explains how to create and access the web services using the user interface. Page 1 of 14 The aim of this presentation is to familiarize you with the processes of creating and accessing

More information

Web Services Development In a Java Environment

Web Services Development In a Java Environment Web Services Development In a Java Environment SWE 642, Spring 2008 Nick Duan April 16, 2008 1 Overview Services Process Architecture XML-based info processing model Extending the Java EE Platform Interface-driven

More information

Your Mobile Phone as a Ticket (NFC)

Your Mobile Phone as a Ticket (NFC) Your Mobile Phone as a Ticket (NFC) Francisco Maria van Uden Chaves IST - Technical University of Lisbon Av. Prof. Cavaco Silva Tagus Park 2780-990 Porto Salvo, Portugal francisco.chaves@ist.utl.pt Abstract.

More information

Introduction to Sun ONE Application Server 7

Introduction to Sun ONE Application Server 7 Introduction to Sun ONE Application Server 7 The Sun ONE Application Server 7 provides a high-performance J2EE platform suitable for broad deployment of application services and web services. It offers

More information

JBoss SOAP Web Services User Guide. Version: 3.3.0.M5

JBoss SOAP Web Services User Guide. Version: 3.3.0.M5 JBoss SOAP Web Services User Guide Version: 3.3.0.M5 1. JBoss SOAP Web Services Runtime and Tools support Overview... 1 1.1. Key Features of JBossWS... 1 2. Creating a Simple Web Service... 3 2.1. Generation...

More information

A Signing Proxy for Web Services Security. Dr. Ingo Melzer RIC/ED

A Signing Proxy for Web Services Security. Dr. Ingo Melzer RIC/ED A Signing Proxy for Web Services Security Dr. Ingo Melzer RIC/ED What is a Web Service? Infrastructure Web Service I. Melzer -- A Signing Proxy for Web Services Security 2 What is a Web Service? basic

More information

Middleware Lou Somers

Middleware Lou Somers Middleware Lou Somers April 18, 2002 1 Contents Overview Definition, goals, requirements Four categories of middleware Transactional, message oriented, procedural, object Middleware examples XML-RPC, SOAP,

More information

Module 13 Implementing Java EE Web Services with JAX-WS

Module 13 Implementing Java EE Web Services with JAX-WS Module 13 Implementing Java EE Web Services with JAX-WS Objectives Describe endpoints supported by Java EE 5 Describe the requirements of the JAX-WS servlet endpoints Describe the requirements of JAX-WS

More information

Outline SOA. Properties of SOA. Service 2/19/2016. Definitions. Comparison of component technologies. Definitions Component technologies

Outline SOA. Properties of SOA. Service 2/19/2016. Definitions. Comparison of component technologies. Definitions Component technologies Szolgáltatásorientált rendszerintegráció Comparison of component technologies Simon Balázs, BME IIT Outline Definitions Component technologies RPC, RMI, CORBA, COM+,.NET, Java, OSGi, EJB, SOAP web services,

More information

AquaLogic Service Bus

AquaLogic Service Bus AquaLogic Bus Wolfgang Weigend Principal Systems Engineer BEA Systems 1 What to consider when looking at ESB? Number of planned business access points Reuse across organization Reduced cost of ownership

More information

Chapter 2: Remote Procedure Call (RPC)

Chapter 2: Remote Procedure Call (RPC) Chapter 2: Remote Procedure Call (RPC) Gustavo Alonso Computer Science Department Swiss Federal Institute of Technology (ETHZ) alonso@inf.ethz.ch http://www.iks.inf.ethz.ch/ Contents - Chapter 2 - RPC

More information

Get ready for SOA. Alena Buchalcevová, Roman Hauptvogl

Get ready for SOA. Alena Buchalcevová, Roman Hauptvogl Citace: BUCHALCEVOVÁ, Alena. Where in the curriculum is the right place for teaching agile methods? Prague 20.08.2008 22.08.2008. In: Proceedings 6th ACIS International Conference on Software Engineering

More information

Oracle EXAM - 1Z0-897. Java EE 6 Web Services Developer Certified Expert Exam. Buy Full Product. http://www.examskey.com/1z0-897.

Oracle EXAM - 1Z0-897. Java EE 6 Web Services Developer Certified Expert Exam. Buy Full Product. http://www.examskey.com/1z0-897. Oracle EXAM - 1Z0-897 Java EE 6 Web Services Developer Certified Expert Exam Buy Full Product http://www.examskey.com/1z0-897.html Examskey Oracle 1Z0-897 exam demo product is here for you to test the

More information

Service Computing: Basics Monica Scannapieco

Service Computing: Basics Monica Scannapieco Service Computing: Basics Monica Scannapieco Generalities: Defining a Service Services are self-describing, open components that support rapid, low-cost composition of distributed applications. Since services

More information

Web Service Testing. SOAP-based Web Services. Software Quality Assurance Telerik Software Academy http://academy.telerik.com

Web Service Testing. SOAP-based Web Services. Software Quality Assurance Telerik Software Academy http://academy.telerik.com Web Service Testing SOAP-based Web Services Software Quality Assurance Telerik Software Academy http://academy.telerik.com The Lectors Snejina Lazarova Product Manager Talent Management System Dimo Mitev

More information

How to Build an E-Commerce Application using J2EE. Carol McDonald Code Camp Engineer

How to Build an E-Commerce Application using J2EE. Carol McDonald Code Camp Engineer How to Build an E-Commerce Application using J2EE Carol McDonald Code Camp Engineer Code Camp Agenda J2EE & Blueprints Application Architecture and J2EE Blueprints E-Commerce Application Design Enterprise

More information

OsEra Enterprise Service Bus

OsEra Enterprise Service Bus OsEra Enterprise Service Bus OsEra Enterprise Service Bus... 1 Principles... 2 Characteristics of the OsEra Enterprise Service Bus... 4 Overall Architecture... 5 Mapping of OsEra Architectures to the ESB...

More information

Integration of Embedded Devices Through Web Services: Requirements, Challenges and Early Results

Integration of Embedded Devices Through Web Services: Requirements, Challenges and Early Results Integration of Embedded Devices Through Web Services: Requirements, Challenges and Early Results Guilherme Bertoni Machado Frank Siqueira Federal University of Santa Catarina Florianópolis, Brazil {bertoni,frank}@inf.ufsc.br

More information

Integration of Hotel Property Management Systems (HPMS) with Global Internet Reservation Systems

Integration of Hotel Property Management Systems (HPMS) with Global Internet Reservation Systems Integration of Hotel Property Management Systems (HPMS) with Global Internet Reservation Systems If company want to be competitive on global market nowadays, it have to be persistent on Internet. If we

More information

What is Middleware? Software that functions as a conversion or translation layer. It is also a consolidator and integrator.

What is Middleware? Software that functions as a conversion or translation layer. It is also a consolidator and integrator. What is Middleware? Application Application Middleware Middleware Operating System Operating System Software that functions as a conversion or translation layer. It is also a consolidator and integrator.

More information

Tool Support for Developing Scalable J2EE Web Service Architectures. Guus Ramackers Application Development Tools Oracle Corporation

Tool Support for Developing Scalable J2EE Web Service Architectures. Guus Ramackers Application Development Tools Oracle Corporation Tool Support for Developing Scalable J2EE Web Service Architectures Guus Ramackers Application Development Tools Oracle Corporation guus.ramackers@oracle.com www.oracle.com Using All This in Real Life

More information

Mutual Fund Web Service Developer Guide

Mutual Fund Web Service Developer Guide Mutual Fund Web Service Developer Guide Version 1.0 1 Table of Contents 1 Introduction 3 1.1 Summary 3 1.2 Audience 3 1.3 Terminology 3 1.4 What Kind of a Partner Site Am I? 3 1.4.1 Affiliate site 3 1.4.2

More information

Architectural Overview

Architectural Overview Architectural Overview Version 7 Part Number 817-2167-10 March 2003 A Sun ONE Application Server 7 deployment consists of a number of application server instances, an administrative server and, optionally,

More information

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2. Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions

More information

Complete Java Web Services Training INT2235; 4 Days; Instructor-led

Complete Java Web Services Training INT2235; 4 Days; Instructor-led Complete Java Web Services Training INT2235; 4 Days; Instructor-led Course Description The Complete Java Web Services class teaches students how to build Web Services and Web Service clients using Java

More information

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based

More information

Chapter 2: Cloud Basics Chapter 3: Cloud Architecture

Chapter 2: Cloud Basics Chapter 3: Cloud Architecture Chapter 2: Cloud Basics Chapter 3: Cloud Architecture Service provider s job is supplying abstraction layer Users and developers are isolated from complexity of IT technology: Virtualization Service-oriented

More information

Redbooks Paper. WebSphere Application Server V5 Architecture. Carla Sadtler

Redbooks Paper. WebSphere Application Server V5 Architecture. Carla Sadtler Redbooks Paper Carla Sadtler WebSphere Application Server V5 Architecture WebSphere Application Server is IBM 's implementation of the J2EE (Java 2 Enterprise Edition) platform, conforming to V1.3 of the

More information

Increasing IT flexibility with IBM WebSphere ESB software.

Increasing IT flexibility with IBM WebSphere ESB software. ESB solutions White paper Increasing IT flexibility with IBM WebSphere ESB software. By Beth Hutchison, Katie Johnson and Marc-Thomas Schmidt, IBM Software Group December 2005 Page 2 Contents 2 Introduction

More information

Software Design Document Securing Web Service with Proxy

Software Design Document Securing Web Service with Proxy Software Design Document Securing Web Service with Proxy Federated Access Manager 8.0 Version 0.3 Please send comments to: dev@opensso.dev.java.net This document is subject to the following license: COMMON

More information

Concept, implementation and performance testing of a mobile Web Service provider for Smart Phones

Concept, implementation and performance testing of a mobile Web Service provider for Smart Phones Ome Srirama Chair of Information Systems LuFG Cooperation Systems Aachen University of Technology Prof. Dr. Wolfgang Prinz Master Thesis Concept, implementation and performance testing of a mobile Web

More information

COM 440 Distributed Systems Project List Summary

COM 440 Distributed Systems Project List Summary COM 440 Distributed Systems Project List Summary This list represents a fairly close approximation of the projects that we will be working on. However, these projects are subject to change as the course

More information

Java ME & NetBeans Mobility. Petr Suchomel Architect, NetBeans Mobility Sun Microsystems

Java ME & NetBeans Mobility. Petr Suchomel Architect, NetBeans Mobility Sun Microsystems Java ME & NetBeans Mobility Petr Suchomel Architect, NetBeans Mobility Sun Microsystems Agenda Java ME introduction Java ME applications NetBeans Mobility Edition Power of advanced features Demos, demos,

More information

Building Web Services with Apache Axis2

Building Web Services with Apache Axis2 2009 Marty Hall Building Web Services with Apache Axis2 Part I: Java-First (Bottom-Up) Services Customized Java EE Training: http://courses.coreservlets.com/ Servlets, JSP, Struts, JSF/MyFaces/Facelets,

More information

What is a Web service?

What is a Web service? What is a Web service? Many people and companies have debated the exact definition of Web services. At a minimum, however, a Web service is any piece of software that makes itself available over the Internet

More information

Stock Trader System. Architecture Description

Stock Trader System. Architecture Description Stock Trader System Architecture Description Michael Stevens mike@mestevens.com http://www.mestevens.com Table of Contents 1. Purpose of Document 2 2. System Synopsis 2 3. Current Situation and Environment

More information

000-575. IBM Tivoli Federated Identity Manager V6.2.2 Implementation. Version: Demo. Page <<1/10>>

000-575. IBM Tivoli Federated Identity Manager V6.2.2 Implementation. Version: Demo. Page <<1/10>> 000-575 IBM Tivoli Federated Identity Manager V6.2.2 Implementation Version: Demo Page 1.What is the default file name of the IBM Tivoli Directory Integrator log? A. tdi.log B. ibmdi.log C. ibmdisrv.log

More information

RMI Client Application Programming Interface

RMI Client Application Programming Interface RMI Client Application Programming Interface Java Card 2.2 Java 2 Platform, Micro Edition Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA 94303 U.S.A. 650-960-1300 June, 2002 Copyright 2002 Sun

More information

Securing Web Services From Encryption to a Web Service Security Infrastructure

Securing Web Services From Encryption to a Web Service Security Infrastructure Securing Web Services From Encryption to a Web Service Security Infrastructure Kerberos WS-Security X.509 TLS Gateway OWSM WS-Policy Peter Lorenzen WS-Addressing Agent SAML Policy Manager Technology Manager

More information

Mobile Devices and Web Services

Mobile Devices and Web Services 7th WSEAS International Conference on APPLIED COMPUTER SCIENCE, Venice, Italy, November 21-23, 2007 322 Mobile Devices and Web Services TOMAS KOZEL, ANTONIN SLABY Univerzity of Hradec Kralove Department

More information

T-110.5140 Network Application Frameworks and XML Web Services and WSDL 15.2.2010 Tancred Lindholm

T-110.5140 Network Application Frameworks and XML Web Services and WSDL 15.2.2010 Tancred Lindholm T-110.5140 Network Application Frameworks and XML Web Services and WSDL 15.2.2010 Tancred Lindholm Based on slides by Sasu Tarkoma and Pekka Nikander 1 of 20 Contents Short review of XML & related specs

More information

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus Course materials may not be reproduced in whole or in part without the prior written permission of IBM. 4.0.3 Unit objectives

More information

A Guide to Creating C++ Web Services

A Guide to Creating C++ Web Services A Guide to Creating C++ Web Services WHITE PAPER Abstract This whitepaper provides an introduction to creating C++ Web services and focuses on:» Challenges involved in integrating C++ applications with

More information

Chapter 4. Architecture. Table of Contents. J2EE Technology Application Servers. Application Models

Chapter 4. Architecture. Table of Contents. J2EE Technology Application Servers. Application Models Table of Contents J2EE Technology Application Servers... 1 ArchitecturalOverview...2 Server Process Interactions... 4 JDBC Support and Connection Pooling... 4 CMPSupport...5 JMSSupport...6 CORBA ORB Support...

More information